So far, ransomware has been the signature cyberattack of 2017, with two record-breaking outbreaks happening in the past two months alone. In May the WannaCry ransomware infected hundreds of thousands of computers, disrupting hospitals, banks, businesses and more.
In late June, another malware dubbed NotPetya, initially thought to be an updated version of the Petya ransomware, caused mayhem across Ukraine, Russia and other countries. It later became evident that the malware was something much worse than ransomware.
In case you’ve never heard of ransomware, it’s a kind of malware that encrypts the files on your computer and locks you out until you pay the attackers a certain amount, usually in bitcoin. What makes ransomware especially dangerous is that the attacks are widespread and anyone can become a target, even average users.
Fortunately, there are several steps you can take to protect yourself against this nasty kind of malware that is fast becoming a favorite weapon in the arsenal of cybercriminals. Here’s what you need to know.
Install your updates in time
Both WannaCry and NotPetya exploited vulnerabilities in the Windows operating system to spread across networks. Microsoft had already patched the security holes and released updates months before the attacks, but the hundreds of thousands of victims who were hit hadn’t bothered installing them on their computers.
Keeping your operating system, browsers, antivirus and other software up to date with the latest patches is your first defense against ransomware, or any other malware for that matter.
Discard unnecessary features and software
Every operating system and application comes packed with tons of features, many of which open up network ports and internet connections. In many cases those same channels give attackers the attack vector they need to target you.
In the case of WannaCry and NotPetya, users who disabled Windows file and printer sharing would be spared from the spread of the attack to some extent. So if there’s an operating system feature that you don’t need, disable it.
Likewise, if there’s a browser extension that you don’t need, remove it or disable it. You might also want to remove software that you installed a long time ago and don’t use anymore.
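A way to check whether file and printer sharing is exposed on a Windows machine, and to turn it off if it isn’t needed, as an added example that is not part of the original article. It also reports and disables SMBv1, the legacy protocol version that the WannaCry and NotPetya spreading code targeted. It assumes Windows 8/10 or Server 2012 or later (NetSecurity and SmbShare modules available) and an elevated PowerShell prompt; the -Disable switch is the script’s own convention.

```powershell
# Added example (not from the original article): audit whether this machine
# offers file and printer sharing to the network, and optionally switch it off.
# Assumes an elevated PowerShell prompt on Windows 8/10 or Server 2012+.
param([switch]$Disable)   # run without -Disable to only report, not change anything

# Host firewall rules that let other hosts reach this machine's shares
$inbound = Get-NetFirewallRule -DisplayGroup "File and Printer Sharing" -Direction Inbound -ErrorAction Stop
$enabled = $inbound | Where-Object { $_.Enabled -eq "True" }
Write-Host ("File and Printer Sharing inbound rules enabled: {0} of {1}" -f $enabled.Count, $inbound.Count)

# Shares currently offered to the network (administrative shares such as C$ exist by default)
Get-SmbShare | Select-Object Name, Path, ScopeName | Format-Table -AutoSize

# SMB server settings: EnableSMB1Protocol shows whether the legacy SMBv1 dialect is served
$cfg = Get-SmbServerConfiguration
Write-Host ("SMBv1 enabled: {0}" -f $cfg.EnableSMB1Protocol)

if ($Disable) {
    # Block inbound sharing traffic at the host firewall
    Get-NetFirewallRule -DisplayGroup "File and Printer Sharing" -Direction Inbound |
        Set-NetFirewallRule -Enabled False
    # Stop serving SMBv1; newer clients negotiate SMBv2/v3 unaffected
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Write-Host "Inbound File and Printer Sharing rules disabled and SMBv1 turned off."
}
```

Run it once without the switch to see what is exposed; if you rely on none of the listed shares, run it again with -Disable.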
On the other hand, don’t disable your firewall or antivirus for the sake of getting rid of pesky warnings. Believe me, getting used to making a few extra clicks here and there is much better than opening up a Pandora’s box of security holes.
Don’t get phished
Social engineering remains one of the most prominent methods cybercriminals use to carry out their attacks. Instead of relying on technical failures in your system, social engineering attacks exploit deceit and human error to reach their victims.
Phishing scams, in which attackers send their target an email message containing an infected attachment, are one of the most popular forms of social engineering. Phishing emails often appear to come from a legitimate and trustworthy source such as a friend, coworker, or your bank.
Once you download and open the attachment, the malicious payload executes and the ransomware starts to encrypt your files.
Unfortunately, the ultimate defense against social engineering attacks is good human judgement, so you’ll have to rely on your own wits to not get phished.
As a rule of thumb, never open an email attachment coming from an unknown sender. Even if the email is from someone you trust, act with discretion. If the email message is too compelling, incites fear, excitement, or any other feeling that gives you the urge to open the attachment, think twice before opening it, and take a few minutes to verify the message with the source through another method, such as phone or messaging app.
Finally, be especially wary of macro-embedded MS Office files, executables, and compressed files because ransomware attackers use them to spread their malware.
Back up your files
No matter how well established your defenses are, you should prepare yourself for the “when” not the “if.” If you get infected by ransomware, the best way to recover your files short of forking over bitcoins to the attacker is to restore backups. Let’s not forget that in some cases, even paying up to your attackers won’t get you your files back.
A good backup plan ensures you get back up and running in the shortest possible time. However, keep these considerations in mind when making backups:
Keep offline backups of your files: Local or mapped network drives are not a safe place to put your backups, because ransomware trojans scan and encrypt all of them.
Don’t keep backups in shared folders: Some breeds of ransomware tend to scan the network and encrypt files you store in shared folders, even if they’re not mapped as network drives. Moreover, ransomware such as NotPetya and WannaCry have been especially designed to quickly spread across devices on a local network.
Keep cloud backups: Keeping backups in Google Drive or another cloud storage solution is smart as long as you don’t map it to a local drive or folder.
Encrypt your drive
As ironic as it sounds, one of your defenses against file-encrypting ransomware is encryption itself. Using full-disk encryption on a secondary drive (the disk where your non-system files are stored) makes it inaccessible to anyone who doesn’t have the passcode, including malware that has compromised your computer.
To be fair, full-disk encryption is not a perfect solution, because it is meant to protect against physical access to files, not malware. However, it does provide an extra measure of protection against ransomware: if your drive is locked at the time of infection, the ransomware won’t be able to access and encrypt its contents.
To make optimal use of FDE, silo your files into different encrypted drives based on their sensitivity and frequency of use, and only unlock the drives when you need to access the files.
Use a limited user account
As a last tip to mitigate ransomware damage, make your regular user account a limited one and use your administrator account only for maintenance. Yes, a limited account will annoy you by blocking sensitive actions such as disabling your firewall or enabling file sharing, and by prompting for the administrator password every time. But it also makes those actions unavailable to malware that has compromised your user account. This won’t prevent the ransomware from encrypting the files you already have access to, but it can help contain the spread across your own system and other computers on your network.